AMENDMENTS TO THE CLAIMS 



This listing of claims will replace all prior versions, and listings, of claims 
in the application: 

Listing of Claims: 

1 1 . (Currently amended) A method that facilitates secure electronic 

'I commerce, comprising: 

3 providing a consumer with a file of security data relating to an account 

4 maintained by a financial institution, wherein the file of security data includes: 

5 a consumer identifier, 

6 a private key for encryption and authentication of data, 

7 a first public key related to the private key for decryption 

8 and authentication of data, 

9 an identifier identifying the financial institution, 

10 a second public key belonging to the financial institution, 

11 the account number that has been encrypted with a key 

12 known only to the financial institution creating an encrypted 

13 account number, 

14 a first certificate signed by a recognized certificate authority 

15 that validates the financial institution, 

16 a second certificate signed by the financial institution that 

17 validates the consumer, and 

18 computer algorithms to use the file of security data ; 

19 creating a financial transaction between the consumer and a merchant, 

20 wherein the financial transaction is protected using security data from the file, and 

21 wherein the financial transaction is structured to contain an account number in a 
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22 form that is undecipherable by the merchant, thereby prevent the merchant from 

23 knowing the account number for the account; 

24 validating by the merchant that the financial institution identified by the 

25 financial transaction is acceptable using security data from the file; 

26 requesting by the merchant that the financial institution authorize the 

27 financial transaction; 

28 receiving by the merchant an authorization from the financial institution to 

29 complete the financial transaction; 

30 completing the financial transaction between the consumer and the 

3 1 merchant; and 

32 notifying the financial institution that the financial transaction is complete. 
1 2. (Cancelled) 

1 3. (Currently amended) The method o f claim 2 claim 1 , wherein the 

2 file of security data is provided to the consumer on a smart card. 

1 4. (Original) The method of claim 3, wherein protecting the financial 

2 transaction involves: 

3 creating a first hash of the financial transaction; and 

4 encrypting the first hash, the second certificate, and the encrypted account 

5 number using the second public key creating a secure envelope of transaction 

6 data, wherein the first hash is created at a secure site available only to the 

7 consumer. 

1 5. (Original) The method of claim 4, wherein requesting by the 

2 merchant that the financial institution authorize the financial transaction involves: 

3 creating a second hash of the financial transaction by the merchant; 
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4 sending the secure envelope and the second hash to the financial 

5 institution; 

6 decrypting at the financial institution the secure envelope using the private 

7 key of the financial institution; 

8 comparing the first hash with the second hash; and 

9 if the first hash is identical to the second hash, 

10 decrypting the encrypted account number to recover the 

1 1 account number for the account belonging to the consumer, 

12 verifying that the financial transaction is valid fur the 

13 account, and 

14 if valid, authorizing the financial transaction. 

1 6. (Original) The method of claim 5, wherein verifying that the 

2 financial transaction is valid for the account includes: 

3 verifying that the second certificate was signed by the financial institution; 

4 determining that the account is valid; and 

5 ensuring that a transaction amount is not greater than an authorized 

6 transaction amount. 

1 7. (Original) The method of claim 4, wherein the secure site 

2 available only to the consumer is within the smart card. 



1 8. (Currently amended) The method of^kim^^lairni, wherein 

2 validating by the merchant that the financial institution identified by the financial 

3 transaction is acceptable involves: 

4 receiving at the merchant the first certificate; and 

5 validating that the first certificate was signed by the recognized certificate 

6 authority. 
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1 9. (Currently amended) A computer-readable storage medium storing 

2 instructions that when executed by a computer cause the computer to perform a 

3 method that facilitates secure electronic commerce, comprising: 

4 providing a consumer with a file of security data relating to an account 

5 maintained by a financial institutio n wherein the file of security data includes: 

6 a consumer identifier, 

7 a private key for encryption and authentication of data, 

8 a first public key related to the private key for decryption 

9 and authentication of data, 

10 an identifier identifying the financial institution, 

11 a second public key belonging to the financial institution, 

12 the account number that has been encrypted with a key 

13 known only to the financial institution creating an encrypted 

14 account number, 

15 a first certificate signed by a recognized certificate authority 

16 that validates the financial institution, 

17 a second certificate signed by the financial institution that 

18 validates the consumer, 

19 computer algorithms to use the file of security data ; 

20 creating a financial transaction between the consumer and a merchant, 

21 wherein the financial transaction is protected using security data from the file, and 

22 wherein the financial transaction is structured to contain an account number in a 

23 form that is undecipherable by the merchant, thereby prevent the merchant from 

24 knowing the account number for the account; 

25 validating by the merchant that the financial institution identified by the 

26 financial transaction is acceptable using security data from the file; 

27 requesting by the merchant that the financial institution authorize the 

28 financial transaction; 
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29 receiving by the merchant an authorization from the financial institution to 

30 complete the financial transaction; 

3 1 completing the financial transaction between the consumer and the 

32 merchant; and 

33 notifying the financial institution that the financial transaction is complete. 
1 10. (Cancelled) 

1 i i . (Currently amended) The computer-readable storage medium of 

2 claim 10 claim 9 , wherein the file of security data is provided to the consumer on 

3 a smart card. 

1 12. (Original) The computer-readable storage medium of claim 1 1, 

2 wherein protecting the financial transaction involves: 

3 creating a first hash of the financial transaction; and 

4 encrypting the first hash, the second certificate, and the encrypted account 

5 number using the second public key creating a secure envelope of transaction 

6 data, wherein the first hash is created at a secure site available only to the 

7 consumer. 

1 13. (Original) The computer-readable storage medium of claim 12, 

2 wherein requesting by the merchant that the financial institution authorize the 

3 financial transaction involves: 

4 creating a second hash of the financial transaction by the merchant; 

5 sending the secure envelope and the second hash to the financial 

6 institution; 

7 decrypting at the financial institution the secure envelope using the private 

8 key of the financial institution; 
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comparing the first hash with the second hash; and 
if the first hash is identical to the second hash, 

decrypting the encrypted account number to recover the 
account number for the account belonging to the consumer, 

verifying that the financial transaction is valid for the 
account, and 

if valid, authorizing the financial transaction. 

14. (Original) The computer-readable storage medium of claim 13, 
wherein verifying that the financial transaction is valid for the account includes: 

verifying that the second certificate was signed by the financial institution; 
determining that the account is valid; and 

ensuring that a transaction amount is not greater than an authorized 
transaction amount. 

15. (Original) The computer-readable storage medium of claim 12, 
wherein the secure site available only to the consumer is within the smart card. 

16. (Currently amended) The computer-readable storage medium of 
claim 10 claim 9 , wherein validating by the merchant that the financial institution 
identified by the financial transaction is acceptable involves: 

receiving at the merchant the first certificate; and 
validating that the first certificate was signed by the recognized certificate 
authority. 

17. (Currently amended) An apparatus that facilitates secure electronic 
commerce, comprising: 
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3 a providing mechanism configured to provide a consumer with a 

4 file of security data relating to an account maintained by a financial 

5 institution wherein the file of security data includes: 

6 a consumer identifier, 

7 a private key for encryption and authentication of data, 

8 a first public key related to the private key for decryption 

9 and authentication of data, 

10 an identifier identifying the financial institution, 

i i a second public key belonging io ihe financial iiisiiluiiuii, 

12 the account number that has been encrypted with a key 

13 known only to the financial institution creating an encrypted 

14 account number, 

15 a first certificate signed by a recognized certificate authority 

16 that validates the financial institution, 

17 a second certificate signed by the financial institution that 

18 validates the consumer, and 

19 computer algorithms to use the file of security data ; 

20 a first creating mechanism configured to create a financial transaction 

21 between the consumer and a merchant, wherein the financial transaction is 

22 protected using security data from the file, and wherein the financial transaction is 

23 structured to contain an account number in a form that is undecipherable by the 

24 merchant, thereby prevent the merchant from knowing the account number for the 

25 account; 

26 a first validating mechanism that is configured to validate that the financial 

27 institution identified by the financial transaction is acceptable using security data 

28 from the file; 

29 a requesting mechanism that is configured to request that the financial 

30 institution authorize the financial transaction; 
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3 1 a first receiving mechanism that is configured to receive an authorization 

32 from the financial institution to complete the financial transaction; 

33 a completing mechanism that is configured to complete the financial 

34 transaction between the consumer and the merchant; and 

35 a notifying mechanism that is configured to notify the financial institution 

36 that the financial transaction is complete. 

1 18. (Cancelled) 

1 19. (Currently amended) The apparatus o f claim 18 claim 17 , wherein 

2 the file of security data is provided to the consumer on a smart card. 



1 20. (Original) The apparatus of claim 19, further comprising: 

2 a second creating mechanism that is configured to create a first hash of the 

3 financial transaction; and 

4 an encrypting mechanism that is configured to encrypt the first hash, the 

5 second certificate, and the encrypted account number using the second public key 

6 creating a secure envelope of transaction data, wherein the first hash is created at a 

7 secure site available only to the consumer. 

1 21 . (Original) The apparatus of claim 20, further comprising: 

2 a creating mechanism that is configured to create a second hash of the 

3 financial transaction by the merchant; 

4 a sending mechanism that is configured to send the secure envelope and 

5 the second hash to the financial institution; 

6 a decrypting mechanism that is configured to decrypt the secure envelope 

7 using the private key of the financial institution; 
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8 a comparing mechanism that is configured to compare the first hash with 

9 the second hash; 

10 wherein the decrypting mechanism is farther configured to decrypt the 

1 1 encrypted account number to recover the account number for the account 

12 belonging to the consumer; 

1 3 a first verifying mechanism that is configured to verify that the financial 

14 transaction is valid for the account; and 

15 an authorizing mechanism that is configured to authorize the financial 

16 transaction. 

1 22. (Original) The apparatus of claim 21 , further comprising: 

2 a second verifying mechanism that is configured to verify that the second 

3 certificate was signed by the financial institution; 

4 a determining mechanism that is configured to determine that the account 

5 is valid; and 

6 an ensuring mechanism that is configured to ensure that a transaction 

7 amount is not greater than an authorized transaction amount. 

1 23. (Original) The apparatus of claim 20, wherein the secure site 

2 available only to the consumer is within the smart card. 



1 24. (Currently amended) The apparatus o f claim 1 8 claim 17 , further 

2 comprising: 

3 a second receiving mechanism at the merchant that is configured to receive 

4 the first certificate; and 

5 a second validating mechanism that is configured to validate that the first 

6 certificate was signed by the recognized certificate authority. 
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